How to differentiate file and udp in Logstash output section?

I'm new to Elasticsearch and Logstash.

In the Logstash conf file, if I have both "file" and "udp" as the source of the input, how do I differentiate them in the output?

For example:

input {
  file {
       path => ["/sample/data.log"]
 }
  udp {
       port => 9999
 }
}

How do I write the output part to differentiate them so I can save them in two different indices of Elasticsearch?

Solution

You can simply tag each document coming in from each input

input {
  file {
       path => ["/sample/data.log"]
       tags => ["file"]
  }
  udp {
       port => 9999
       tags => ["udp"]
  }
}
output {
  if "file" in [tags] {
    elasticsearch {
      index => "file-index"
      ...
    }
  }
  else if "udp" in [tags] {
    elasticsearch {
      index => "udp-index"
      ...
    }
  }
}

brew install elasticsearch on M1 macbook results in "Bad CPU type in executable" error
Spring Data Elasticsearch Bulk Index/Delete - Millions of Records
fluentd with OpenSearch - where does the @timestamp field come from?
Storing and managing Forex trading tick data
mongodb fulltext searching strategy
Is it possible to use elasticsearch synonyms dynamically?
Elasticsearch showing received plaintext http traffic on an https channel in console
Wildcard/regexp query with asterix chacter
How to Count Unique Assets with Specific Severity in Elasticsearch?
Am I correct that Elasticsearch simple_query_string does not support wildcards, but only prefix queries?
ElasticSearch text array length
Elasticsearch Nested Aggregations with Spring data elasticsearch 5.2
How to check that all shards are moved from a specific elasticsearch node?
How do to an Elasticsearch ESQL Distinct Query?
How can I add a field to existing mapping with values in other fields?
Elastic Search sort documents with same score using another field value
OpenSearch with Spring Boot - Displaying docuemnts by number of keywors
How to one value come first during sort on that field Elastic Search
Retrieve selected fields from a search
Logstash main class JvmOptionsParser not found / cannot load
What is the difference between standard and language analyzer in Elasticsearch?
How can I count all the occurrences within my date_histogram?
Reliable .NET API for Elastic Search
Not working fuzzy logic when use the fuzzines.auto elasticsearch
Yellow health status on elastic causing kibana to fail at launch?
How to Enable Logging in Rails Application with OpenSearch and Searchkick Integration?
ElasticSearch - Unable To Search Using Fuzzy Match Query For Underscore in value (ES Fuzzy not matching underscore value)
registering a custom analyzer and using it in a template
Elasticsearch implement off-the-shelf language analyser but use custom tokeniser
KQL query Count and Limit Matching Documents in Time Frame